New rules on cookies to come into effect in Europe

"explicit consent required"

sullen

The directive demands that users be fully informed about the information being stored in cookies and told why they see particular adverts.

Specifically excluded by the directive are cookies that log what people have put in online shopping baskets.

However, the directive is likely to have an impact on the more general use of cookies that remember login details and enable people to speed up their use of sites they visit regularly.

I don't use cookies very often, but is this the end of affiliate marketing? Also I wonder if a little box that says "remember me" counts as explicit consent? I think they are going to have trouble enforcing this...

jamie

12:56 pm on Mar 8, 2011 (gmt 0)

what about existing forums with large userbases - will i have to contact every member to get their approval?

or even the facebook api - if i use the facebook sdk, does that count against me or is it facebook who need the permission?

or even simple things such as remembering someone's shipping preferences in a cookie to speed up checkout for other products. does that mean i'll have to ask for permission for that too?

it doesn't seem very clear to me and imo it goes against our unobtrusive efforts to make our site easier to use.

HuskyPup

2:49 pm on Mar 8, 2011 (gmt 0)

System: The following 3 messages were spliced on to this thread from: http://www.webmasterworld.com/webmaster/4278440.htm [webmasterworld.com] by engine - 5:51 pm on Mar 8, 2011 (utc 0)From 25 May, European laws dictate that "explicit consent" must be gathered from web users who are being tracked via text files called "cookies".

LifeinAsia

The new laws go into effect May 25, but the regulations themselves won't be in place by then.

However, Mr Graham stressed that the government's confession that the regulations will be delayed should not be a spur to inaction.

Tell me, Mr. Graham, exactly how is one supposed to take action if one does not know what the regulations are that one is supposed to be compliant with?

wyweb

5:34 pm on Mar 8, 2011 (gmt 0)

I don't mind cookies. They help me login. They remember the contents of my shopping cart if I have to come back tomorrow. They remember my preferences and I like that. They even tell me what I looked at recently and I like that too. There's a possibility I might want to look at it again.

Government rarely gets it with the internet. It's still so new and has gotten so large.... they're playing catch up and doing it poorly at times.

Information Commissioner Christopher Graham said: "I cannot bark at the industry at the moment because I have not got the regulations."

Bark anyway, in any direction. Up or down. My guess is that you're waiting for your handlers to tell you what that bark should sound like.

jecasc

9:14 pm on Mar 8, 2011 (gmt 0)

In my opinion they should simply ban any other means than cookies to identify a visitor - like browser fingerprinting. That should be enough. I can control the cookies with my browser settings.

edit_g

10:44 pm on Mar 8, 2011 (gmt 0)

There's the issue. If they ban cookies (which users can control) analytics companies and publishers will just move on to browser fingerprinting (which has far worse privacy implications). But hey, why ask the people who know anything about this stuff...

Asia_Expat

10:55 pm on Mar 8, 2011 (gmt 0)

I've been using browser fingerprinting for years, in order to identify forum abusers and trolls that think they can can hide their identity by using a proxy.

gmb21

1:11 am on Mar 9, 2011 (gmt 0)

Does anyone know if this will apply to sites hosted in the USA that get traffic from Europe?

yaix2

6:09 am on Mar 9, 2011 (gmt 0)

You could put a popup windows in from of most users asking if they want to install a spyware and most people would still click [Ok] out of pure habit without even reading.

"Informing" the user is useless if they don't care to read anything. It's not like the way cookies work was a big secret.

How about instead banning flash "cookies" and similar sneaky ways to get around browser settings?

yaix2

6:19 am on Mar 9, 2011 (gmt 0)

Early work by the ICO suggests that gathering consent by changing settings on browsers may not be sophisticated enough for the demands of the directive.

How are the browser settings not "sophisticated enough"?! Having 100% control over the behavior of each cookie is not "sophisticated enough"? What would be more "sophisticated" then?

topr8

10:36 am on Mar 9, 2011 (gmt 0)

>>They remember the contents of my shopping cart if I have to come back tomorrow.

cookies used for shopping carts will be specifically excluded from the directive.

httpwebwitch

12:56 pm on Mar 9, 2011 (gmt 0)

Who is going to comply with this? Cookies are part of how the web works, they're built in to legacy software. Outlawing cookies is like... outlawing ceramic tiles.

It would be much much much easier to build the "ask for permission" logic into browsers themselves. Then people who care about this could choose to use a Euro browser, which bugs them with a popup whenever they visit a new site that uses cookies.

bouncybunny

1:07 pm on Mar 9, 2011 (gmt 0)

This sounds like an unworkable monstrosity that will benefit neither website owners or visitors and ignores the real issues of internet privacy.

vordmeister

1:16 pm on Mar 9, 2011 (gmt 0)

Does anyone have a link to details of what the regulation is likely to be? I recall some talk about this last year but it was even more vague than the BBC article.

johnmoose

vordmeister

3:26 pm on Mar 9, 2011 (gmt 0)

The IOC (information Commissioner's Office) is as clear as mud about what they are trying to enforce. Seems a bit mad they issue a press release (they were the source of the BBC article) before they know what it is they want to say.

Here's info with links to more info [out-law.com...] Seems they do want user consent for each cookie. The article describes it as breathtakingly stupid.

albo

3:53 pm on Mar 9, 2011 (gmt 0)

If the user's permission is to be gained via popups, and if the user has popups blocked, then how is the user's permission to be gained?

engine

4:24 pm on Mar 9, 2011 (gmt 0)

25th May is way too soon as they don't even know how they are going to manage or police the issue.

Seb7

9:01 pm on Mar 9, 2011 (gmt 0)

Maybe we should all contact any website that is government run, and tell them their website is making illegal use of cookies.

I change my sites when I see most of the government websites made their changes.

[edited by: Seb7 at 9:02 pm (utc) on Mar 9, 2011]

Trav

9:02 pm on Mar 9, 2011 (gmt 0)

Is anyone thinking that they're putting this mark on the calendar to facilitate back-dating of future fines? Seems like the only thing they stand to gain by making such a detail-free announcement would be the setting of a legal precedent.

Seb7

Leosghost

Last time I looked at the official Vatican site it threw me over 100 cookies just on the home page before it had finished loading ..

Many of our national sites , ministries etc ( France ) load over 50 cookies before the home page is done ..

I'm making pop corn ..this could be fun ;-)

Solution1

8:50 am on Mar 10, 2011 (gmt 0)

In the Netherlands there's been a discussion about implementing this directive in law, between the government and representitives of web ad companies. The concern was that websited would become too cumbersome to use, if a warning would be needed for every single cookie.

What came out of this, is that you only need to mention that you are using cookies. Users are supposed to be able to block cookies in their browsers. Popups and such, to warn that a website is using cookies, are not required.

jmccormac

1:18 am on Mar 11, 2011 (gmt 0)

So from the morons who brought us the .eu fiasco (just a jobs for the boys opportunity for the Belgian ccTLD registry) we now have the cookies mess? The EUnuchs are not the most popular people in Ireland right now (right down there with bankers and politicians) and their peabrained legislation is likely to be ignored.

Regards...jmcc

piatkow

8:32 am on Mar 11, 2011 (gmt 0)

Last time I looked at the official Vatican site it threw me over 100 cookies just on the home page before it had finished loading ..

The Vatican City is an independent country and is not a member of the EU so they can carry on.

What came out of this, is that you only need to mention that you are using cookies.

I am sure that Whitehall will find ways to gold plate the legislation for UK use as usual.

McSpike

12:08 pm on Mar 17, 2011 (gmt 0)

Until all govt sites are doing it, I won't do it. Period. End of story.

Seb7

From 25 May, European laws dictate that "explicit consent" must be gathered from web users who are being tracked via text files called "cookies".

lucy24

2:31 pm on May 10, 2011 (gmt 0)

Uhmm... They're going to confiscate all existing browsers to eliminate the cookie-related Preference settings, and buy everyone a brand-new one that can only do what the law allows it to do?

Are they setting up hotlines to deal with the thousands if not millions of callers who run to the phone in panic wanting to know what their computer is trying to do? Remember, there's a world of people out there who profess not to know what a "browser" is, even while in the act of using one.

That humming sound in the distance is programmers hard at work developing cookie formats that collect and hold every piece of user infomation that anyone might ever conceivably want to store, because nobody is going to click Accept several dozen separate times.